CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-47747 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-47747
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646. IBM DB2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.1, 10.5 y 11.1 podría permitir que un usuario autenticado con privilegios CONNECT provoque una denegación de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 272646. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272646 https://security.netapp.com/advisory/ntap-20240307-0002 https://www.ibm.com/support/pages/node/7105502 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-47746 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-47746
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 podría permitir que un usuario autenticado con privilegios CONNECT provoque una denegación de servicio mediante una consulta especialmente manipulada. ID de IBM X-Force: 272644. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272644 https://security.netapp.com/advisory/ntap-20240307-0003 https://www.ibm.com/support/pages/node/7105505 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50271 – HP-UX System Management Homepage, Disclosure of Information
https://notcve.org/view.php?id=CVE-2023-50271
A potential security vulnerability has been identified with HP-UX System Management Homepage (SMH). This vulnerability could be exploited locally or remotely to disclose information. Se ha identificado una posible vulnerabilidad de seguridad en HP-UX System Management Homepage (SMH). Esta vulnerabilidad podría explotarse local o remotamente para revelar información. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04551en_us • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-29066 – Incorrect User Management
https://notcve.org/view.php?id=CVE-2023-29066
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. El software FACSChorus no asigna correctamente privilegios de acceso a datos para las cuentas de usuario del sistema operativo. Una cuenta de sistema operativo no administrativa puede modificar la información almacenada en las carpetas de datos de la aplicación local. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-29065 – Overly Permissive Access Policy
https://notcve.org/view.php?id=CVE-2023-29065
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database. Se puede acceder directamente a la base de datos del software FACSChorus con los privilegios del usuario actualmente conectado. Un actor de amenazas con acceso físico podría obtener credenciales, que podrían usarse para alterar o destruir datos almacenados en la base de datos. • https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software • CWE-277: Insecure Inherited Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •